[openssl-users] Updating (re-issuing) self-signed cert with keyid, issuer, serial AKI
Philip Prindeville
philipp_subx at redfish-solutions.com
Fri Feb 17 06:43:17 UTC 2017
Hi.
I have the following certificate (below) and I’m trying to generate a new self-signed cert from it, but when I do so the issuer+serial get dropped from it.
Looking at the CSR that gets generated as an intermediate step, I’m not seeing that information there.
What do I need to do to "copy through" the AKI into the request with -x509toreq?
Also attaching the script I’m using.
And yes, it’s a 1024-bit key… It’s probably worth scrapping the old key and generating a new one, but before I do that I want to solve the AKI issue...
Thanks,
-Philip
-------------- next part --------------
A non-text attachment was scrubbed...
Name: example.crt
Type: application/x-x509-ca-cert
Size: 1017 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170216/6355cd6f/attachment.crt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: renew-dummy-cert
Type: application/octet-stream
Size: 912 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170216/6355cd6f/attachment.obj>
More information about the openssl-users
mailing list